Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

trojan-spy.html.smitfraud.c

V.Srinivasa rao

Posted 15 May 2005 - 03:08 AM

V.Srinivasa rao

New Member

Member

4 posts

My computer is infected with trojan-spy.html.smitfraud.c spyware for the last 2 days.After booting the message on the blue screen shows the system is infected with the trojan-spy.html.smitfraud.c spyware.This also shows the sytem cannot run in normal node and asks to check the sytem's security settings.The message also shows that the fatal error has occured at 0028:C0011E36 in VXD VMM(01) +00010E36.The message also showing me to check with any spyware to fix the problem.

I tried to download some spyware remover,but after running observed it could not fully remove all the infections.And the system continues to show the above message after booting up.In between the messages show that internet explorer is infected and windows to be re loaded.When tried to re load by using the windows 98 dump from d drive it is not starting.Also iam not able to change my display settings.

Please help to cure the problem.After seeing the geeks to go i ran the hijack this and the log report is enclosed below.

-=jonnyrotten=-

Posted 15 May 2005 - 02:30 PM

Download it to your desktop or somewhere you will find it. Extract the .inf file from the .zip file you just downloaded. Now right click "Deldomains.inf" and click "Install". It will not appear to have done anything, thats ok. Next step.

You may wish to print out a copy of these instructions to follow while you complete this procedure.Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu). Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\WINDOWS\SYSTEM32\USBN.EXEgclib.exe <<<Probably found in C:\Windows or C:\Windows\System32C:\WINDOWS\SYSTEM\atiupdpl.exeC:\WP.EXE

Now click Start, All Programs, CleanUP!. Click the "CleanUP!" button and when asked to logoff click NO. Now reboot normally and post a new hijack this log.

Open Notepad. Copy EVERYTHING in the box below and paste it into a new notepad file. Change the 'Save As Type' to "All Files" and save it as fix.reg on your desktop. Make sure there is NO blank line above REGEDIT4:

Locate fix.reg on your desktop and doubleclick on it. When asked if you want to merge with the registry click YES. After you receive the prompt "merged successfully", follow the rest of instructions below.

2.) Right Click HERE and go to Save As in order to download DelDomains.inf to your desktop.To use: RIGHT-CLICK DelDomains.inf and select: Install (no need to restart)Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

V.Srinivasa rao

Posted 22 May 2005 - 03:13 AM

V.Srinivasa rao

New Member

Topic Starter

Member

4 posts

Dear sir,

Thanks a lot.At least i got rid of the security message that my system is infected with trojan------, by following your reply.As informed i ran ACTIVE SCAN but as it was taking too long time i stopped it in between and hence i could not add the active scan log.Any way please find below latest hyjack this log.

Earlier i downloaded free AVG antivirus and later un installed it.But after rebooting now the screen shows it could not find some file in C:\program files\grysoft\AVG----- and asking me to press any key to continue (The message is referring to system.ini file.)

Please let me know what antivirus files and spyware programs , fire walls to be down loaded so that to avoid the recurrence of the trojan---- etc will be avoided..Whether all the programs down loaded while following your instructions need to be removed or kept as it is.

-=jonnyrotten=-

Posted 22 May 2005 - 12:54 PM

V.Srinivasa rao

Posted 23 May 2005 - 02:54 AM

V.Srinivasa rao

New Member

Topic Starter

Member

4 posts

Dear Sir,

Iam extremely sorry not to have posted the hijack this log.Please find attached the log here.By this time i have installed avg free from internet again to avoid seeing the error messages while bootin up.

-=jonnyrotten=-

Posted 23 May 2005 - 12:19 PM

-=jonnyrotten=-

Member 2k

Retired Staff

2,678 posts

Very nice, you look clean to me. Please visit my anti-malware page, you can find the link in my signature. Read up there on what to install to keep yourself safe, and how to stay that way. Let me know if you have anymore questions. Avg is a very good antivirus program, by the way